Julia Bourkland, Research Assistant and Chaqya Hosea, Program Manager | May 2, 2023 Blog Post

Previously, Equity Forward began a blog series on the intersection of anti-abortion centers (AACs), data, and privacy. To contextualize the problem of AACs’ access to data, we will delve into the nature of surveillance and criminalization of pregnancy and pregnancy outcomes — specifically, abortion as a pregnancy outcome — and how data can be used against people for having abortions.

We spoke with experts from Pregnancy Justice (formerly National Advocates for Pregnant Women), a legal advocacy organization defending pregnant people against criminalization and other rights violations, and Upturn, a technology, equity and justice organization working to change the design, governance, and use of technology. Using their expertise, we will discuss how digital traces and digitized data can be weaponized against someone seeking abortion care, while accurately framing the role of digital surveillance within the history of abortion-related prosecutions. The future of how abortion care is surveilled and criminalized will be complicated by digital trails, digitized health information, and the persistence of data. 

The U.S. Has A Long History Of Surveilling And Criminalizing Pregnancy Outcomes

There is an extensive history of reproductive control and punishment in the United States. Pregnancy Justice has documented over 1,700 cases since Roe v. Wade, in which people were deprived of their liberty for reasons they never would have been had they not been pregnant. “Even prior to Dobbs v. Jackson Women’s Health Organization with Roe on the books, there were already remarkable rates of criminalization against pregnant and postpartum people, and a lot of those began with some form of surveillance,” says Emma Roth, a Pregnancy Justice staff attorney. 

Pregnancy Justice’s founder Lynn M. Paltrow, along with Jeanne Flavin, led a study identifying 413 known cases across the U.S. between 1973 and 2005 wherein people were legally targeted for their pregnancies. Where race was identifiable, a disproportionate number of arrests and detentions were brought against pregnant people of color (59 percent), with a particular targeting of Black women (52 percent of all cases), and pregnant people across the board were overwhelmingly economically disadvantaged. In cases where Paltrow and Flavin could identify the legal theory behind prosecution, pregnant people were targeted by invoking feticide laws with anti-abortion personhood measures (which attempt to extend separate constitutional rights to a fetus or embryo before viability), state abortion laws with personhood language, or misinterpretations of Roe. They also found anti-abortion statutes with personhood language were used against pregnant people with no intention of ending their pregnancies to justify arrests and detentions, as well as forced surgeries. Pregnancy Justice further documented approximately 1,331 such cases from 2006-2020.

The increased use of tech in accessing reproductive care has intensified concerns about the ability to surveil health care decisions. There have been quite a few high-profile examples of internet activity and data stored on cellphones being used in pregnancy-related arrests and prosecutions. Purvi Patel of Indiana, who had a self-managed abortion (SMA) in 2013 with mifepristone and misoprostol purchased online, was arrested and charged in 2015 under the state’s 2009 feticide law, and was originally issued a 20-year sentence. Patel was reported to the police by a healthcare provider. Latice Fisher, a Mississippi woman, was charged with second-degree murder after experiencing a pregnancy loss at home. Fisher gave her phone to the police during a consent search after a 911 call to her home. From there, internet search results, including the searched phrase "buy misoprostol abortion pill online," were used against her. Both of these cases occurred before Dobbs, when there was still a constitutional right to abortion in all 50 states. “[Fisher’s] case for a lot of people has served as sort of a harbinger of what is likely to come and the kind of typical ways in which a lot of these cases play out,” Roth said. 

While Roth mentions that the majority of the more than 1,700 cases Pregnancy Justice has analyzed do not concern SMA, other experts are beginning to track this as more data becomes available. The reproductive justice law group If/When/How recently released a report identifying 61 cases of SMA criminalization between 2000 and 2020 across 26 states.

How Law Enforcement Accesses Data

Although Dobbs amplified attention toward anti-abortion digital dragnets, both Roth and Emma Weil, a senior policy analyst at Upturn, emphasized that this method is seldom a starting point in the criminalization process. “The most common form of surveillance,” Roth says, “that functions as the inception of a criminal case is surveillance from the healthcare system and reporting by a healthcare provider to either criminal law enforcement or, in a lot of instances, to civil ‘child welfare,’ but we refer to that as family policing.” 

Data is searched for because law enforcement is told to look for it. In Paltrow and Flavin’s research, cases are overwhelmingly reported to police by health care professionals — specifically, doctors, nurses, midwives, hospital social workers or administrators, or drug treatment counselors. Likewise, in If/When/How’s research, the majority of disclosures came from health care providers or social workers (45 percent), followed by acquaintances (26 percent). According to Roth, in a majority of Pregnancy Justice’s cases, the inciting report is an allegation of substance use. 

“Law enforcement will rely on reports from healthcare providers where they may be tipped off by somebody — your coworker or friend or domestic partner.” Tip-offs rely on disclosed protected health information (PHI) — under the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy Rule exception — and other information from patients’ medical records (including clinician emails or conversations with a provider). Police also get data through consent searches or already public information, such as social media posts. Case information doesn’t always need to be obtained via search warrant or subpoena for records: “[Police] use people's digital data all the time, but get it in sort of the more standard traditional ways of relying on people from the community or relying on self-disclosure from the defendant,” says Roth. While self-disclosures like phone searches are voluntary, these practices are coercive and not complying can be dangerous, especially given the structural racism and violence law enforcement is built on. “Most people do not feel comfortable saying no to the police, especially if you're in a hospital and the police say to search your phone, you've just been under tremendous stress," says Weil. "It's a really markedly unfair and terrible power dynamic in those contexts.” 

While the Biden Administration has emphasized that the HHS Office for Civil Rights will reinforce HIPAA to ensure patient privacy, the Privacy Rule still permits — but does not require — PHI disclosure in cases where police have a court order, subpoena, or other mandate. Plus, the usefulness of HIPAA depends on a state’s (anti-)abortion laws; in abortion-hostile states, HIPAA wouldn’t necessarily prevent patient records from being used as evidence in a prosecution.

One particularly appalling practice that has gotten a lot of attention is geofencing warrants, which allow law enforcement to gather anonymized data from any device within specific geographic and time parameters. “I think it's very easy for a company like Google or Facebook to say we will not comply with a geofence warrant,” Roth says. “Google can say, we will not comply if the Deputy Attorney in Mississippi or Alabama says to give the usernames of anybody who has Googled for mifepristone in this jurisdiction. Then it is obvious to Google what that prosecutor is looking for.”

“What's much trickier is when law enforcement is already investigating somebody and then just subpoenas Google or Facebook for all of that person's messages and data within a certain time period without using any language that would serve as a red flag for the service provider,” she says. This type of targeting for investigations underway is more difficult to find a solution for and has happened recently. A Nebraska teen and her mother were charged after purchasing a kit of mifepristone and misoprostol, with the case relying on Facebook Messenger data that Meta gave to law enforcement after the state submitted a search warrant — a warrant requesting all private data the company had on the individuals.

How Increasingly Digitized Health Information And Digital Trails Complicate Abortion Surveillance

Both digital trails and digitized health care infrastructure/health data complicate the means of surveillance for pregnancy and pregnancy outcomes — abortion included. This problem is exacerbated by dwindling equitable abortion access. Pre- and post-Dobbs, the lack of proximity to abortion providers and a hostile culture toward reproductive freedom drive people to look for health care information and resources online. “There is increasingly more medical advice and pharmacy infrastructure online. I think there's two sides of the situation, access and then the other side being criminalization,” says Weil. “The diminishing of access means there are different ways that people are going to be criminalized because there's less physical access. If you live in a state where there's no pharmacy that can give you abortion medication, then you can order it online or you could travel to get it, but those actions leave different digital trails.”

Keeping in mind that the inciting incident of an arrest or prosecution is typically a tip-off from a third-party, digital trails can be weaponized against people with an investigation in motion. Web searches, messages and emails, payments and receipts, or location data can serve as evidence of intent in an anti-abortion prosecution. Law enforcement can obtain search histories through consent searches or use keyword warrants to cast digital dragnets. Calls, voicemails, and messages without end-to-end encryption all have the potential to be used as evidence in a case. Payment histories documenting receipt of abortion pills can be used against someone. Third-party apps on our phones collect detailed location data (available for sale). These, in addition to databases for state police, welfare, and child protective services; social media activity; smart home and wearable devices; and menstrual tracking apps all store relevant reproductive health data.

Weil emphasizes that the foreverness of interoperable data makes problems worse. “There are now also more digital search tools and more aggregation and centralization of that data, and also persistence of that data. So, it's not being deleted automatically; it's being kept with Google, for example, which means that the police know where to look for it or know how to request it,” they say. “All of these digital traces that one doesn't really think too much about in the moment can just persist indefinitely and then be accessed by law enforcement.”

Digital trails documenting SMA in particular — because of political attempts to limit access to abortion pills, imbecile legal attacks, and states’ targeting of people who take them — can be used against someone. “There are many unintentional and intentional digital traces that can be the only evidence that exists in these contexts,” Weil says. “And that's what makes it a particularly scary context for police cell phone searches in these cases.”

Proactive Policy Can Alleviate Surveillance And Criminalization Concerns

Accessing health care, especially abortion care, should be a private process free from the threat of surveillance or criminalization. There is so much work to be done to ensure that pregnant people’s information is protected. Hostility toward reproductive health care ranges across states, and many categories of information are not commonly considered reproductive health data or HIPAA-protected. “When we think about a healthcare provider who has records on someone's medical procedures, that's obviously health data, but we should expand the bucket to anything that pertains to an abortion because it's about the nature of the investigation,” Weil says. 

And the biggest issue, Roth emphasizes, remains the threat of disclosure by health care providers. “So while figuring out solutions to digital sharing of data, it is really important [to remember that] it is so much more common for criminal cases to begin because a healthcare provider provides what the pregnant person thinks is their private healthcare information they're sharing in confidence to state authorities,” she says. 

To make progress on this problem, the Biden Administration needs to close HIPAA’s loopholes; the HHS has announced a Notice of Proposed Rulemaking that would address some of HIPAA’s existing privacy and confidentiality flaws. The U.S. also really needs to finally pass a federal data privacy protection law, as well as reproductive health care-specific laws like the “My Body, My Data” Act and the Secure Access for Essential Reproductive (SAFER) Health Act. California state law AB 1242 protects abortion data privacy by preventing out-of-state law enforcement from executing search warrants on California-based companies in anti-abortion cases, while AB 2091 prohibits health care providers from releasing medical records for people seeking abortion care when subpoenaed out-of-state. While the onus is on institutions, individuals can protect their privacy with resources such as Digital Defense Fund’s abortion privacy and security guide

For more information on AACs, please check out our related research: